{"id":"agricidaniel-wp-mcp-ultimate","name":"wp-mcp-ultimate","homepage":null,"repo_url":"https://github.com/AgriciDaniel/wp-mcp-ultimate","category":"cms","subcategories":[],"tags":["wordpress","mcp","model-context-protocol","cms-automation","php","api-integration","ai-agents"],"what_it_does":"WP MCP Ultimate is a self-contained WordPress plugin that exposes WordPress functionality as an MCP (Model Context Protocol) server with 58 abilities (posts/pages/media/users/plugins/menus/comments/options/system management). It also provides an admin dashboard for generating an Application Password/API key and exporting MCP client configuration snippets, enabling an MCP-compatible AI client to manage WordPress via streamable HTTP transport.","use_cases":["Letting an MCP-compatible AI agent read and manage WordPress content (create/update posts, pages, and media)","Automating moderation workflows (e.g., comments) via AI-assisted MCP actions","Managing WordPress site configuration and plugins through AI actions","Providing a standardized interface for CMS operations from Claude Code/Claude Desktop/Cursor or other MCP clients"],"not_for":["Handling sensitive production admin operations without careful permissioning/review","Use in environments without HTTPS/TLS support","High-trust environments where the AI agent should not be able to mutate WordPress state"],"best_when":"You need an MCP-based bridge between WordPress and an MCP-compatible AI client to automate CMS tasks, and you can secure and constrain the generated Application Password/API key.","avoid_when":"You cannot restrict agent capabilities or you cannot control/monitor what the AI client will invoke on the MCP server.","alternatives":["WordPress REST API directly with an MCP adapter layer","Existing MCP adapters/expose-abilities plugins (as referenced by this project)","Custom middleware/bridge service that wraps WordPress APIs and enforces allowlists"],"af_score":55.5,"security_score":51.2,"reliability_score":30.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:38:36.424877+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Application Password (generated via WordPress admin Tools > MCP Ultimate)"],"oauth":false,"scopes":false,"notes":"Authentication is described as an Application Password generated in the WordPress admin and used by the MCP client configuration snippet. The README does not state any fine-grained OAuth scopes for MCP actions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"GPL plugin; pricing not described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.5,"security_score":51.2,"reliability_score":30.0,"mcp_server_quality":70.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":10.0,"tls_enforcement":50.0,"auth_strength":60.0,"scope_granularity":40.0,"dependency_hygiene":55.0,"secret_handling":50.0,"security_notes":"The README indicates usage of a WordPress Application Password generated via the admin. It does not describe TLS requirements, secret storage/logging practices, or action-level scope/granularity for MCP abilities. Given the wide mutation surface (posts/media/users/plugins), least-privilege and operational safeguards are important.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":40.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["AI clients must be configured with the generated Application Password/API key; leaked credentials would grant CMS access.","Because the plugin provides mutation capabilities across many WordPress domains (content/users/plugins), agents should use strict allowlists/approval workflows.","Behavior may depend on WordPress version capabilities; the project mentions an Abilities API polyfill for WordPress < 6.9."]}}